Project

General

Profile

Bug #819

spawn-fcgi processes ignore user's other groups

Added by Anonymous almost 14 years ago. Updated over 11 years ago.

Status:
Fixed
Priority:
Normal
Target version:

Description

I have observed the following behaviour with spawn-fcgi...
http://lists.edgewall.com/archive/trac/2006-August/009484.html

It seems that spawn-fcgi processes are restricted to the user's default group (or the group specified with -g or both - not sure) but in any case, the user's other groups are totally ignored. In the above example, the trac user is a member or the subversion group but a permissiod denied error is received when trying to access the Subversion repository, despite the correct permissions being set.

I have a feeling this might be related to bug #78. By the look of the changeset, the change was only applied to server.c and not spawn-fcgi.c as well.

-- chewi

#1

Updated by Anonymous almost 14 years ago

Ah I see that change was added later. Something's still not right then.

#2

Updated by Anonymous over 13 years ago

I've been experiencing the same thing. From looking at the code, I'd say it should work. But it doesn't for me.

-- Matthijs Kooijman <m.kooijman

#3

Updated by stbuehler almost 12 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix

If you specify user and group it should work (initgroups need username and group id).

#4

Updated by Anonymous almost 12 years ago

So are you saying that it is correct that only the exact user and group you specify (and not any other groups that user may be in) should apply? That doesn't seem right to me. I have since found that you can work around the problem by starting spawn-fcgi via sudo instead since that does respect the user's other groups.

#5

Updated by stbuehler almost 12 years ago

  • Status changed from Fixed to Wontfix
#6

Updated by stbuehler over 11 years ago

  • Project changed from Lighttpd to spawn-fcgi
  • Category deleted (mod_fastcgi)
#7

Updated by stbuehler over 11 years ago

  • Target version set to 1.6.0
#8

Updated by stbuehler over 11 years ago

  • Status changed from Wontfix to Fixed

Fixed in r13 (uses default user group as group; if you choose a different group, the spawned process will probably not have its default group in the group list).

Also available in: Atom